Ransomware attack infects 100,000 PCs in China

Early this December, around 100,000 computers in China were infected with poorly-written ransomware that encrypted user data on the infected computers. The ransomware also included an information-stealing component that harvested login credentials for several Chinese online services. The attacker demanded a ransom of 110 Yuan ($16) in exchange for decrypting the files, payable via WeChat, a social platform that sees ubiquitous use in China.

Aftermath of the attack

On December 4th, Huorong Security, a company that provides anti-virus software and other network security solutions, reported the attack. Huorong identified that the malicious code not only locked the computers but also stole the credentials of users who accessed popular online platforms like Tmall, Aliwangwang, Alipay, 163 Mailbox, Baidu Cloud, Jingdong, and QQ. Although the hack affected tens of thousands of users, the infection was limited to devices in China and it was identified that the encryption techniques the hacker used were very basic.

Following the initial reports of the hack, WeChat immediately deactivated the QR code the hacker was using to accept ransom payments. As a precautionary measure, authorities have requested the users of several services—including Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall, and Jingdong—to change their passwords.

The authorities were able to track down and arrest a 22-year-old man named Luo Moumou on December 5th, who admitted his role in the attack.

Don't want to make the news for the wrong reasons? Download ManageEngine DataSecurity Plus, a tool that can detect, classify , and secure personal data , and mitigate ransomware attacks.

How can ManageEngine help with such situations?